CVE-2021-21485
7.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) | ENGINEAPI 7.30, 7.31, 7.40, 7.50 | affected |
| SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) | ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 | affected |
| SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) | SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | affected |
| SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) | J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
- https://launchpad.support.sap.com/#/notes/3001824
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
- https://launchpad.support.sap.com/#/notes/3001824
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.